The Application Layer sits at the very top of network architecture and provides the interface between human-facing applications (web browsers, mobile apps, email clients, file transfer tools) and the underlying network. A user never sees layers 2, 3, or 4 directly; instead, they interact with services like browsing a website, sending an email, accessing cloud storage, or opening an app. All these actions are possible only because Application Layer protocols define how data is formatted, requested, transferred, and displayed.
A formal definition is:
"The Application Layer is the top layer of the TCP/IP model responsible for providing network services directly to end users and applications, enabling communication such as web browsing, email transfer, file access, and name resolution."
Different applications require different rules. For example, a browser needs a protocol to fetch webpages (HTTP/HTTPS); emails need their own structured communication (SMTP + MIME); name lookup requires DNS; file transfer needs FTP. This tutorial covers five foundational protocols a BS student must understand both theoretically and practically.
DNS – Domain Name System
Humans think in names (google.com), while machines communicate using numeric IPs (142.250.195.78). DNS bridges this gap. Without DNS, the Internet would feel like memorizing phone numbers for every contact.
"DNS is a distributed naming system that translates human-readable domain names into machine-understandable IP addresses."
How DNS Works (Simple Real-Life Flow)
When you open a website:
- Your computer needs the IP of that domain.
- It asks a local DNS resolver.
- If not found, the resolver queries authoritative DNS servers.
- The IP is returned and cached.
- The browser connects to that IP.
DNS uses different record types, each serving a specific purpose in the name‑to‑IP translation process. An overview of the most important record types is:
A: maps a domain name to an IPv4 address.
AAAA: maps a domain name to an IPv6 address.
MX: identifies the mail server for the domain.
CNAME: creates an alias that points to another domain.
In practice, these records simply help the resolver decide which information to return when a user requests a domain. When captured in Wireshark, these records appear inside DNS responses, typically transmitted over UDP on port 53.
Wireshark Hands-On: Observing DNS Traffic
Step 1: Start Wireshark → select your active interface.
Step 2: Apply DNS filter:
dns
Step 3: Open any website, e.g., www.wikipedia.org.
You will see:
- Standard DNS query
- Standard DNS response
- “A” or “AAAA” records
In the packet details, observe:
- Query name
- Response IP
- Time taken
- Whether recursion was requested
This confirms how DNS converts names to addresses.
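The fields listed above (query name, response IP, recursion flag) can also be read straight from the raw bytes of a DNS message. The following parser is an added example, not part of the original tutorial; it assumes a message with a single question, and the sample packet is constructed for illustration.

```python
import ipaddress
import struct

def read_name(msg, off):
    """Decode the name at off, following compression pointers; return (name, next offset)."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:          # pointer: low 14 bits are a message offset
            if resume is None:
                resume = off + 2             # parsing continues after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                    # a malformed packet can point at itself
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if resume is None else resume)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_response(msg):
    """Parse a single-question DNS message and return the fields Wireshark shows."""
    ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    query, off = read_name(msg, 12)
    off += 4                                 # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        _owner, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype in (1, 28):                 # A = 1, AAAA = 28
            kind = "A" if rtype == 1 else "AAAA"
            answers.append((kind, str(ipaddress.ip_address(rdata)), ttl))
    return {"id": ident, "response": bool(flags & 0x8000),
            "recursion_desired": bool(flags & 0x0100),
            "query": query, "answers": answers}

# Constructed sample: response to an A query for www.example.org (192.0.2.1, TTL 300).
SAMPLE = (bytes.fromhex("1a2b81800001000100000000")
          + b"\x03www\x07example\x03org\x00" + bytes.fromhex("00010001")
          + bytes.fromhex("c00c000100010000012c0004c0000201"))
```

The answer record's name is the two bytes c0 0c, a compression pointer back to offset 12 where the query name is stored, which is why Wireshark shows the same name in both the query and the answer.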
HTTP and HTTPS – Web Access Protocols
Every time you open a webpage, watch YouTube, search Google, or use any web app, you are using HTTP/HTTPS.
"HTTP is a stateless, request–response protocol used for transferring web resources between a client and a web server."
"HTTPS is the secure version of HTTP that uses TLS/SSL encryption to protect the confidentiality and integrity of data."
HTTP is like sending a request letter to a shopkeeper; HTTPS is the same but inside a locked envelope.
How HTTP Works
When you type a URL:
- Browser sends an HTTP request to the server.
- Server responds with an HTTP response.
- Browser renders the webpage.
A request has:
- Request line → e.g., GET /index.html HTTP/1.1
- Headers → host, user-agent, cookies
- Optional body → used in POST forms
HTTPS works exactly the same but encrypted.
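The three parts of a request can be separated with a few lines of code. This parser is an added example, not part of the original tutorial; the request bytes, host name and form fields are constructed, and everything it returns is exactly what a capture of unencrypted HTTP exposes.

```python
from urllib.parse import parse_qs

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, sep, rest = raw.partition(b"\r\n\r\n")      # a blank line ends the headers
    if not sep:
        raise ValueError("no blank line after headers: request is incomplete")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)   # the request line
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    # The body is optional; Content-Length says how many bytes belong to it.
    body = rest[:int(headers.get("content-length", "0"))]
    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = {k: v[0] for k, v in parse_qs(body.decode("utf-8")).items()}
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body, "form": form}

# Constructed sample: a POST form submission as it would appear on the wire.
SAMPLE = (b"POST /search HTTP/1.1\r\n"
          b"Host: www.example.test\r\n"
          b"User-Agent: demo-client/1.0\r\n"
          b"Cookie: theme=dark\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 23\r\n"
          b"\r\n"
          b"q=application+layer&n=5")
```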
Wireshark Hands-On: Observing HTTP/HTTPS
For HTTP:
Use filter:
http
Visit a non-HTTPS site such as http://neverssl.com.
Observe:
- GET request
- Response code (200 OK, 404 Not Found)
- Headers
- Content-Type
For HTTPS:
Use filter:
tls
You will not see the actual message content because it is encrypted, but you will observe:
- TLS handshake
- Certificate exchange
- Encrypted application data
This clearly shows the difference between HTTP (visible) and HTTPS (encrypted).
SMTP – Sending Emails
Email communication uses SMTP. When you click “Send,” your mail server transfers your message to the recipient’s server using SMTP. It is a reliable, store-and-forward mechanism.
A precise definition:
"SMTP is a protocol used to transfer outgoing email messages from a client to a mail server and between mail servers."
How SMTP Works
A simplified flow:
- SMTP client connects to SMTP server (port 25).
- Server greets with 220.
- Client sends:
  - HELO
  - MAIL FROM:
  - RCPT TO:
  - DATA
- Server accepts the message.
- Server forwards it to the recipient’s mail server.
SMTP handles sending only. Receiving is handled by POP3/IMAP.
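The command order in this flow is strict, and a server rejects commands that arrive out of sequence. The state machine below is an added example, not part of the original tutorial; it replays a constructed dialogue (lines prefixed "C: " for client and "S: " for server, a notation assumed here) and models only the commands named above.

```python
import re

# verb -> (states in which it is legal, state it leads to)
RULES = {"HELO": ({"connected"}, "greeted"), "EHLO": ({"connected"}, "greeted"),
         "MAIL": ({"greeted"}, "mail"), "RCPT": ({"mail", "rcpt"}, "rcpt"),
         "DATA": ({"rcpt"}, "data")}
ON_REPLY = {("new", 220): "connected", ("data", 354): "body"}
ADDR = re.compile(r"<([^>]*)>")

def replay(lines):
    """Walk 'C: ...' / 'S: ...' dialogue lines; return the envelope and message lines."""
    state = "new"
    env = {"client": None, "mail_from": None, "rcpt_to": [], "body": []}
    for line in lines:
        side, text = line[:1], line[3:]
        if side == "S":
            code = int(text[:3])
            if code >= 400:
                raise ValueError(f"server refused in state {state!r}: {text}")
            state = ON_REPLY.get((state, code), state)
            continue
        if state == "body":
            if text == ".":                      # a lone dot ends the message
                state = "greeted"
            else:                                # undo dot-stuffing on other lines
                env["body"].append(text[1:] if text.startswith(".") else text)
            continue
        verb = text.split(None, 1)[0].upper()
        if verb == "QUIT":
            break
        legal_in, nxt = RULES.get(verb, (set(), state))
        if state not in legal_in:
            raise ValueError(f"{verb} not expected in state {state!r}")
        state = nxt
        if verb in ("HELO", "EHLO"):
            env["client"] = text.split(None, 1)[1]
        elif verb == "MAIL":
            env["mail_from"] = ADDR.search(text).group(1)
        elif verb == "RCPT":
            env["rcpt_to"].append(ADDR.search(text).group(1))
    return env

SAMPLE = [  # constructed dialogue, not a real capture
    "S: 220 mx.example.net ESMTP", "C: HELO pc.example.org", "S: 250 mx.example.net",
    "C: MAIL FROM:<alice@example.org>", "S: 250 OK", "C: RCPT TO:<bob@example.net>",
    "S: 250 OK", "C: DATA", "S: 354 End data with <CR><LF>.<CR><LF>",
    "C: Subject: test", "C: ", "C: Hello Bob", "C: .", "S: 250 queued", "C: QUIT",
]
```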
Wireshark Hands-On: Observing SMTP
Use an email client like Thunderbird.
Step 1: Start Wireshark and filter:
smtp
Step 2: Send a test email.
You will see:
- HELO / EHLO
- MAIL FROM
- RCPT TO
- DATA
- Message body
This shows the full email conversation.
FTP – File Transfer Protocol
FTP was designed to move files between computers. Although old, it is still used in hosting panels and legacy systems.
Definition:
"FTP is a protocol that enables file upload and download using separate control and data connections."
It uses two channels:
- Control Channel → Commands (port 21)
- Data Channel → File transfer (port 20)
How FTP Works
- Client connects to server on port 21.
- User logs in.
- Client sends file transfer commands.
- Server opens data channel and transfers file.
FTP has two modes:
- Active mode – server initiates data connection.
- Passive mode – client initiates connection.
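Which mode a session uses is visible on the control channel: in active mode the client sends PORT with the address it is listening on, and in passive mode the client sends PASV and the server answers with reply 227 carrying its own listening address. The decoder below is an added example, not part of the original tutorial; the control lines, addresses and the "C: "/"S: " prefixes are constructed for illustration.

```python
import re

TUPLE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def decode_endpoint(text):
    """Turn h1,h2,h3,h4,p1,p2 into (ip, port); the port is p1 * 256 + p2."""
    m = TUPLE.search(text)
    if not m:
        raise ValueError(f"no address tuple in {text!r}")
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError(f"field out of range in {text!r}")
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

def data_channels(control_lines):
    """List each data connection negotiated on the control channel."""
    found, pasv_sent = [], False
    for line in control_lines:
        side, text = line[:1], line[3:]
        word = text.split(" ", 1)[0].upper()
        if side == "C" and word == "PORT":       # active: client listens, server connects
            ip, port = decode_endpoint(text)
            found.append({"mode": "active", "listener": "client", "ip": ip, "port": port})
        elif side == "C" and word == "PASV":
            pasv_sent = True
        elif side == "S" and word == "227" and pasv_sent:   # passive: server listens
            ip, port = decode_endpoint(text)
            found.append({"mode": "passive", "listener": "server", "ip": ip, "port": port})
            pasv_sent = False
    return found

SAMPLE = [  # constructed control-channel lines; the password is deliberately redacted
    "S: 220 ftp.example.test ready", "C: USER demo", "S: 331 Password required",
    "C: PASS <redacted>", "S: 230 Logged in",
    "C: PASV", "S: 227 Entering Passive Mode (192,0,2,10,195,80)",
    "C: RETR readme.txt", "S: 150 Opening data connection", "S: 226 Transfer complete",
    "C: PORT 198,51,100,7,4,1", "S: 200 PORT command successful", "C: RETR notes.txt",
]
```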
Wireshark Hands-On: Observing FTP
Step 1: Use FileZilla Client or a public FTP server.
Step 2: Start Wireshark → filter:
ftp
Step 3: Log in and download a small file.
You will observe:
- USER and PASS commands
- Control messages
- Data channel establishment
MIME – Enabling Attachments in Emails
SMTP alone could not send images, PDFs, or audio. MIME extends SMTP to handle multimedia.
Definition:
"MIME is an extension of email protocols that allows transmission of text, images, audio, video, and attachments using standardized encoding formats."
How MIME Works
Inside an email message, MIME:
- Defines content type
- Divides messages into parts using boundaries
- Encodes attachments using Base64
A simple MIME snippet:
Content-Type: multipart/mixed; boundary="XYZ123"
--XYZ123
Content-Type: text/plain
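To see the three MIME functions together (content type, boundaries, Base64), the following added example parses a complete multipart message with Python's standard email package and also builds one. It is not part of the original tutorial; the message is constructed, reuses the boundary XYZ123 from the snippet above, and the attachment name and bytes are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed message: one text part and one Base64-encoded attachment.
RAW = (b"MIME-Version: 1.0\r\n"
       b'Content-Type: multipart/mixed; boundary="XYZ123"\r\n'
       b"\r\n"
       b"--XYZ123\r\n"
       b"Content-Type: text/plain\r\n"
       b"\r\n"
       b"See the attached file.\r\n"
       b"--XYZ123\r\n"
       b"Content-Type: application/octet-stream\r\n"
       b'Content-Disposition: attachment; filename="data.bin"\r\n'
       b"Content-Transfer-Encoding: base64\r\n"
       b"\r\n"
       b"AAECA/8=\r\n"
       b"--XYZ123--\r\n")

def list_parts(raw: bytes):
    """Return (top-level type, boundary, [decoded leaf parts]) for a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = []
    for part in msg.walk():                  # walk() visits the container, then each part
        if part.is_multipart():
            continue
        parts.append({
            "type": part.get_content_type(),
            "encoding": str(part.get("Content-Transfer-Encoding", "7bit")).lower(),
            "filename": part.get_filename(),
            "data": part.get_payload(decode=True),   # undoes Base64 when declared
        })
    return msg.get_content_type(), msg.get_boundary(), parts

def build(text: str, attachment: bytes, filename: str) -> bytes:
    """Produce a multipart/mixed message; the library picks the boundary and Base64."""
    msg = EmailMessage()
    msg.set_content(text)
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

The closing delimiter --XYZ123-- (boundary followed by two hyphens) marks the end of the last part; the Base64 text AAECA/8= decodes to the five bytes 00 01 02 03 ff.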

